Today's post offers provide practical, step-by-step guidance to help you move your existing devices to Windows 10, version 2004—the latest Windows 10 feature update—as quickly and seamlessly as possible.
In the current remote-first work environment, many businesses are finding that they need to modify and modernize their existing processes to maintain and ensure business continuity. IT admins globally have had to rapidly react, getting users up and running with secure remote work options and finding the best ways to keep remote devices up to date with monthly updates. Last month, we published tactical guidance to help you optimize Windows monthly update deployment for remote devices. This month, we are outlining the steps that will help you deploy feature updates in your production environments while pivoting to a remote workforce using Microsoft Endpoint Configuration Manager to manage devices. While we know many companies are still using more traditional processes, the steps provided in this post leverage cloud resources to reduce bandwidth, reduce the workload on you as the IT admin, and, most importantly, improve the end user experience in a secure way.
Microsoft's guidance for adopting a faster Windows 10 update cadence has remained consistent: plan, prepare, and deploy. With so many people working remote, IT professionals need to embrace new mechanisms to perform this work securely through the internet. These new mechanisms may include configuring endpoints via Configuration Manager to receive updates from Windows Update—or using Windows Update for Business to take advantage of a full set of IT admin controls while leveraging the agility and innovation of the Windows Update service.
The calendar below shows a potential timeline for rolling out Windows 10, version 2004 across your organization, one that is aligned with Microsoft 365 Apps and Configuration Manager release cycles.
Figure 1. Deployment calendar for Windows 10, version 2004
While the calendar timeline above depicts the rollout of Windows 10, version 2004, this same approach can be used as a guide regardless of which version of Windows 10 is currently running on the devices in your environment and which version you are targeting with your rollout. By following a process based on plan, prepare, and deploy, you can successfully deploy feature updates in less time and avoid running up against (or past) end of service dates. As a result, we encourage you to read through the process and see how connecting to Microsoft's cloud resources can help you accelerate and evolve legacy processes in order to provide a more protected and productive environment for end users.
In a world of remote workers, it is critical to reconsider how direct internet connections can be used to securely service Windows devices. To ensure that end user devices stay up to date and continue to receive security updates by being on a supported version of Windows 10, we have to modernize existing processes. That means reducing consumption of corporate network bandwidth while embracing cloud services. Here are recommendations tailored to supporting this effort regardless of your corporate network architecture:
We know you need to feel confident that a Windows 10 feature update will not cause interruption to your critical line of business applications. Microsoft is committed to ensuring your apps work on the latest versions of our software and, with Microsoft App Assure, commercial customers Apps with an eligible subscription can receive no-cost app compatibility assistance when deploying Windows 10 and Microsoft 365. As a result of our confidence in application and device compatibility, we recommend the following steps when planning for the next Windows 10 feature update.
In order to deploy Windows 10 feature updates at scale for remote workers, you need to ensure that your deployment engine is ready. This includes making sure your infrastructure and security applications are up to date with supported versions, and training support teams if and as needed. To ensure you are successful in your deployment planning, we recommend the following activities:
The deployment of a Windows 10 feature update alongside updates to infrastructure and configuration and productivity applications will unlock new features and working scenarios for users and IT professionals alike. As a result, all parties should be aware of the new features or functionality that help streamline deployment and make the end user experience better. The constant innovations in the servicing stack of the OS, or with Configuration Manager and Intune, may provide added benefits to the deployment that weren't previously available. Capability planning should, particularly at the present time, be focused on improving remote worker experiences, maintaining productivity, and minimizing user interruption during the update process. The following recommendations provide structure to help you achieve these outcomes:
With an application portfolio in place, and application importance/ownership assigned, critical applications can be tested, and important applications can be validated. The focus of this section is how to test, and how to expand testing to a pilot group. Desktop Analytics can dramatically improve insights during compatibility preparation into remediations or additional testing needed. By acting as an early warning system, Desktop Analytics facilitates the move from prepare to deployment by reducing—if not eliminating—manual compatibility testing. It also enables you to rationalize your application estate, identify critical versus important applications, and prepare accordingly. Regardless of the approach used, we recommend that you conduct the following activities during this stage:
When preparing for deployment, the focus is on upgrading (if necessary) your infrastructure and configurations to support the new Windows 10 feature update and remote workers.
Windows Update for Business uses a set of policies which may be unfamiliar and may need to be rationalized between Configuration Manager and Intune to create a predictable end user experience. Making preparations at this point in the process will save support costs down the road related to help desk support and inevitably improve end user satisfaction with the update. Once this work is done for the first time, preparation for subsequent feature updates through Windows Update for Business will be streamlined significantly.
We recommend that the following steps be completed ahead of the pilot deployment phase.
The capability initiatives you defined in the planning phase are implemented or configured in the prepare phase. As a result, we recommend the following activities to empower users to receive additional value out of Windows 10 + Microsoft 365 Apps:
Deploying a Windows 10 feature update through Windows Update for Business is a unique shift from traditional deployment methods. Instead of “push” controls where you send down the update to the next ring of devices, Windows Update for Business provides “pull” controls to prevent the update from automatically going to the next ring. This is a mental shift for many IT admins as they have little to do if everything is going right. More attention needs to be spent to determine if an update needs to be stopped or slowed in the event that end users are having a poor or broken experience. Again, Desktop Analytics can provide real-time data to help make decisions and increase IT confidence in those decisions.
Once you have prepared and updated your configurations and infrastructure, you are ready for a pilot deployment. The first-time work to prepare, and the results afforded by, the pilot through Windows Update for Business provide long-term value for every future feature or quality update deployment. Updates are automatically optimized for the smallest update package size and the lowest latency regardless of how and where devices connect, assuming that devices are directly connected to the internet and not running back through the corporate VPN.
Recommendations for the pilot deployment phase are as follows:
Once the pilot deployment results in a consistent, predictable, and satisfactory end user experience, it is time to create your deployment rings and proceed with broad deployment. Windows Update for Business settings will continue to update devices unless you purposefully stop deployment. Once your first broad deployment is conducted, monitor update velocity and consider increasing that speed for the next feature update, for example, using the recommendations outlined in Optimizing Windows 10 update adoption.
The Windows Update service operates at massive scale, rolling out Windows updates to the consumer population globally and has the capacity to update devices connected through Windows Update for Business in short order. As corporate devices are updated to a version of Windows 10 closer to the latest release (for example, Windows 10, version 2004) using Windows Update for Business, the end user experience will improve with without much additional IT admin workload.
To accelerate the deployment of Windows 10, we recommend the following:
This post has provided guidance and recommendations on how to stay keep a remote workforce and your device ecosystem current with Windows 10 by leveraging direct internet connections in secure ways. By aligning to a plan, prepare, and deploy motion, you will be able to maintain a serviced version of Windows 10 on a faster cadence, which helps to harden the operating system against malicious intent, simplifies OS administration for IT, improves = performance, adds new capabilities, and unlocks new working scenarios. Examples of a successful transition can be found in the experience of our own Core Services Engineering and Operations (CSEO) team. Let us know if you find this article helpful, and which approaches best help your organization maintain up to date, productive, and secure devices for remote workers.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.